CVE-2023-35952
https://notcve.org/view.php?id=CVE-2023-35952
An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing comments within the geometric faces section within an OFF file. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784 • CWE-121: Stack-based Buffer Overflow •
CVE-2023-35951
https://notcve.org/view.php?id=CVE-2023-35951
An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing geometric vertices of an OFF file. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784 • CWE-121: Stack-based Buffer Overflow •
CVE-2023-35950
https://notcve.org/view.php?id=CVE-2023-35950
An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing the header of an OFF file. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784 • CWE-121: Stack-based Buffer Overflow •
CVE-2023-35949
https://notcve.org/view.php?id=CVE-2023-35949
An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing geometric faces of an OFF file. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-28886
https://notcve.org/view.php?id=CVE-2024-28886
OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be executed. La vulnerabilidad de inyección de comandos del sistema operativo existe en versiones de UTAU anteriores a la v0.4.19. Si un usuario del producto abre un archivo de proyecto UTAU manipulado (archivo .ust), se puede ejecutar un comando arbitrario del sistema operativo. • https://jvn.jp/en/jp/JVN71404925 https://utau2008.xrea.jp • CWE-94: Improper Control of Generation of Code ('Code Injection') •